Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware

Cyber security is on the minds of everybody in the technology world these days, yet hackers and internet criminals seem to be outsmarting the masses yet again. One particular cyber criminal syndicate is using malware-as-a-service through the Nuclear exploit kit.

Malware-as-a-service Is A Thing Now

Everything is being turned into some “as-a-service” model, whether it is technology, the blockchain, or in this case, malware. A syndicate of cyber criminals is using the Nuclear exploit kit to spread malware worldwide, and they control a total of fifteen active control panels. Up until now, no one has any idea who is behind this “business model”, although there are indicators Russian hackers are involved.

Check Point, a security research team, recently uncovered how the malware-as-a-service business model brings in roughly US$100,000 a month in revenue. That is a rather staggering amount, which goes to show how much interest internet criminals have in infecting computers around the world with malware and ransomware.

By using these 15 Nuclear control panels, the malware-as-a-service providers infected nearly two million devices last month. Although the success rate was only 9.95%, that still leaves over 184,000 machines infected with malware. This number does not come as a complete surprise either, as exploit kits facilitate the execution of ransomware and banking Trojans remotely.

What makes the malware-as-a-service business model so dangerous is how cyber criminals help other malicious individuals attack unsuspecting users. Nuclear has been one of the top exploit kits for quite some time now, and it looks like this trend will continue for the foreseeable future.

However, it is important to note this entire malware-as-a-service business model has a critical flaw, as there is a central point of failure. The master server for all of these portals is controlled by the service provider, which introduces a certain level of “trust among criminals”. If the service provider were arrested, law enforcement may be able to shut down all of the other portals.

Check Point also reports that ransomware is the dominant payload for this malware-as-a-service business model. Their statistics indicate close to 110,000 Locky droppers have been sent out, leading to US$12.7m in financial losses for victims. However, it appears some of the Nuclear portals have already been shut down, according to the report, which is a rather surprising turn of events.

Are you concerned about the malware-as-a-service phenomenon? What can we expect from internet criminals in the future? Let us know in the comments below!